Bug 137992

Summary: CachedFrame::destroy can detach the page from frames too soon
Product: WebKit Reporter: Vicki Pfau <jeffrey+webkit>
Component: HistoryAssignee: Vicki Pfau <jeffrey+webkit>
Status: RESOLVED CONFIGURATION CHANGED    
Severity: Normal CC: ahmad.saleem792, ap, beidson, bfulgham, ddkilzer, kling, rniwa
Priority: P2 Keywords: InRadar
Version: 528+ (Nightly build)   
Hardware: Unspecified   
OS: Unspecified   
Attachments:
Description Flags
Patch ap: review-

Vicki Pfau
Reported 2014-10-22 17:38:27 PDT
CachedFrame::destroy contains code that will detach the page, sometimes too soon, causing crashes or assertion failures when teardown code for frames assumes there is still an attached page. <rdar://problem/18550647>
Attachments
Patch (1.81 KB, patch)
2014-10-22 17:40 PDT, Vicki Pfau 		ap: review-
DetailsFormatted DiffDiff
View All Add attachment proposed patch, testcase, etc.
Vicki Pfau
Comment 1 2014-10-22 17:40:18 PDT
Created attachment 240313 [details] Patch
Alexey Proskuryakov
Comment 2 2014-10-22 19:44:40 PDT
Comment on attachment 240313 [details] Patch This appears to break tests: fast/loader/image-in-page-cache.html [ Crash Timeout Pass ] fast/frames/frame-crash-with-page-cache.html [ Timeout ]
Ahmad Saleem
Comment 3 2022-08-08 16:05:22 PDT
I can see the following code being present in Webkit source from Github: https://github.com/WebKit/WebKit/blob/75043d22e2b75e0018914f38ab381214f048dba2/Source/WebCore/history/CachedFrame.cpp#L261 Although line order is different and it was done in this commit: https://github.com/WebKit/WebKit/commit/8506cd994976591f9a1db0dc5c10fc698768687f#diff-24fdd2b5535690eeec8038c328da95c097199ec9f376593c366505033eb18931 Considering this change landed in one way or form, I am going to mark this bug as "RESOLVED WONTFIX". Thanks!
Note You need to log in before you can comment on or make changes to this bug.